AMD open-source developer Nicolai Hähnle has spent the past few months working on the ARB_gl_spirv extension as mandated by OpenGL 4.6. Some of the prep work for supporting that extension has landed in Mesa 17.4-dev Git.

ARB_gl_spirv is about bringing SPIR-V support to OpenGL drivers, the IR shared by Vulkan and OpenCL 2.1+. ARB_gl_spirv allows for loading SPIR-V modules into OpenGL programs and allows for GLSL to be a source language in creating SPIR-V modules. This is basically for creating better interoperability between OpenGL and Vulkan/SPIR-V.

This week has started off to being another busy time in Mesa Git just ahead of the holidays.

First up, Mount & Blade: Warband is the latest game to be white-listed by the Mesa glthread functionality for enabling OpenGL threading on this Steam Linux game. Mount & Blade: Warband was actually whitelisted back in July but then disabled a few days later as it turned out not to be working.

Broadcom developer Eric Anholt has offered an update on the state of the VC5 Gallium3D driver for OpenGL support as well as the work being done on the "BCMV" Vulkan driver. Additionally, the VC4 Gallium3D driver for existing Raspberry Pi devices continues to get better.

The RadeonSI Gallium3D driver's NIR back-end is moving one step closer to feature parity with the existing OpenGL capabilities of this AMD GCN graphics driver.

Timothy Arceri working for Valve has been focusing on the NIR back-end recently for RadeonSI. This NIR intermediate representation handling is being driven in order to add SPIR-V ingestion support to RadeonSI with code sharing for RADV's existing NIR-based infrastructure.

The Ultimate Trivia Challenge [Steam, Official Site] is a game that will test your knowledge about various subjects, it has Linux support and it might be a good choice for when you're having a little party.

Newcomer ArchMerge Linux offers a big change for the better to those switching from the Debian Linux lineage to the Arch Linux infrastructure.

ArchMerge Linux is a recent spinoff of ArchLabs Linux. I recently reviewed Archlabs and found it to be a step up from most Arch Linux offerings in terms of installation and usability. Arch Linux distros, in general, are notorious for their challenging installation and software management processes.

ArchMerge Linux brings a few extra ingredients that make trying it well worth your while if you want to consider migrating to the Arch Linux platform. Still, no Arch Linux distro is a suitable starting point for Linux newcomers. That reality does not change with ArchMerge, although it helps ease the process considerably for those who are ready for it.

He’s best known for being the world’s first “Afronaut,” but since returning to Earth from his 2002 trip on Russia’s Soyuz TM-34 rocket ship, Cape Town native Mark Shuttleworth set about with the conquest of a much more lucrative universe: the internet-of-things.

Shuttleworth created Ubuntu, an open-source Linux operating system that helps connect everything from drones to thermostats to the internet. His company, Canonical Group Ltd., makes money from about 800 paying customers, including Netflix Inc., Tesla Inc. and Deutsche Telekom AG, which pay for support services. Its success has helped boost his net worth to $1 billion, according to the Bloomberg Billionaires Index.

“It’s destructive to be too focused on that,” Shuttleworth said of his wealth in an interview at Bloomberg’s office in Boston. “It’s just a distraction from whether you have your finger on the pulse of what’s next.”

Created in Brazil, Rocket.Chat provides an open source chat solution for organisations of all sizes around the world. Built on open source values and a love of efficiency, Rocket.Chat is driven by a community of contributors and has seen adoption in all aspects of business and education. As Rocket.Chat has evolved, it has been keen to get its platform into the hands of as many users as possible without the difficulties of installation often associated with bespoke Linux deployments.

The Silph Road is the premier grassroots network for Pokémon GO players around the world offering research, tools, and resources to the largest Pokémon GO community worldwide, with up to 400,000 visitors per day

Operating a volunteer-run, community network with up to 400,000 daily visitors is no easy task especially in the face of massive and unpredictable demand spikes, and with developers spread all over the world.With massive user demand and with volunteer developers located all over the world, The Silph Road’s operations must be cost-effective, flexible, and scalable.

This led the Pokémon GO network first to cloud, and then to containers and in both cases Canonical ’s technology was the answer.

Apple last week released Turi Create, an open source package that it says will make it easy for mobile app developers to infuse machine learning into their products with just a few lines of code.

“You don’t have to be a machine learning expert to add recommendations, object detection, image classification, image similarity, or activity classification to your app,” the company says in the GitHub description for Turi Create. “Focus on tasks instead of algorithms.”

CVE-2017-5638 is the code vulnerability that will long live in the corporate memory of Equifax, the credit ratings agency. A simple patch management system might have kept that vulnerability from turning into one of the most high-profile data breaches in recent memory.

CVE-2017-5638 is a remote code execution bug that affects the Jakarta Multipart parser in Apache Struts, an open source application framework for developing Java EE web applications. Remote code execution bugs are generally extremely serious, and for that reason, when the vulnerability was discovered, the Apache Foundation recommended that any developers or users of affected versions of Struts upgrade to later versions that had been patched to close the vulnerability.

Available to pre-order on Thursday for a special price via an Indiegogo crowdfunding campaign, the Ataribox is shaping up to be an amalgam of retro gaming console and living room PC. Details are mostly sketchy at this point, but we do know that it will be powered by some variant of Linux OS and will include over 100 Atari classic games pre-installed.

Preorders for the Ataribox, the classic game company’s take on a NES Classic retro console, are slated to go live this Thursday, according to a report from CNET citing an email from Atari sent out today to interested consumers. The Ataribox was first teased back at E3 in June and then in a more formal unveiling in July, in which the Atari 2600-inspired PC was shown in two customization options: a wood-like finish or a more modern and sleek black and red look.

Ibase announced a new line of fanless MPT V-Series computers for IoT applications, starting with two rugged, in-vehicle models: the MPT-7000V with Intel’s 7th (“Kaby Lake”) or 6th (“Skylake”) Generation Core processors and the MPT-3000V with a quad-core, 1.91GHz Atom E3845 from the Bay Trail generation with 10W TDP. The systems support Windows 7/10 or Linux with kernel 3.8.0. In both cases, 64-bit implementations are required in order to use the driver for the supplied G-sensor, which appears to be necessary for shock resistance.

The Intel Apollo Lake based MXE-210 adds to a line of rugged Adlink MXE computers such as the Bay Trail Atom based MXE-200i. The compact, 140 x 110 x 58mm MXE-210 is an “IIoT-ready combination embedded controller and IoT gateway” designed for rugged industrial automation, transportation, agriculture/aquaculture, and smart city applications, says Adlink.

Over the past few years, the entire networking industry has begun to transform as network demands rapidly increase. This is true for both the technology itself and the way in which carriers — like my employer Orange, as well as vendors and other service providers — adapt and evolve their approach to meeting these demands. As a result, we’re becoming more and more agile and adept in how we virtualize our evolving network and a shifting ecosystem.” keep up with growing demands and the need to virtualize.

With its open source Fn project, Oracle is looking to make a splash in serverless computing.

Fn is a container native serverless platform that can be run on-premises or in the cloud. It requires the use of Docker containers. Fn developers will be able to write functions in Java initially, with Go, Ruby, Python, PHP, and Node.js support planned for later. Applications can be built and run without users having to provision, scale, or manage servers, by using the cloud.

Just because we’re using containers doesn’t mean that we “do DevOps.” Docker is not some kind of fairy dust that you can sprinkle around your code and applications to deploy faster. It is only a tool, albeit a very powerful one. And like every tool, it can be misused. Guess what happens when we misuse a power tool? Power fuck-ups. Let’s talk about it.

I’m writing this because I have seen a few people expressing very deep frustrations about Docker, and I would like to extend a hand to show them that instead of being a giant pain in the neck, Docker can help them to work better, and (if that’s their goal) be an advantage rather than a burden in their journey (or their “digital transformation” if we want to speak fancy.)

Coming hot on the BlackArch Linux 2017.11.24 ISO snapshot released two weeks ago with more than 50 new hacking tools, the BlackArch Linux 2017.12.11 ISO images are now available to download incorporating the latest version of the BlackArch Installer utility, which fixes a few critical bugs.

The bugs were related to a login loop and the supported window managers, and they are now fixed in BlackArch Installer 0.6.2, which is included in the BlackArch Linux 2017.11.24 ISO snapshot. Also included is the Linux 4.14.4 kernel and many of the latest system updates and security patches released upstream.

We reported last week on the upcoming support for HiDPI displays coming to System76's for its Ubuntu-based Pop!_OS Linux distro, and it didn't take long for them to release the new daemon that would enable HiDPI support on all of its laptops and desktops where Ubuntu or Pop!_OS Linux is installed.

HiDPI support was becoming an urgent necessity for System76 as more and more customers started asking for assistance in setting up their displays. And while the Wayland display server isn't yet mature enough to be adopted by all GPU vendors and completely replace X.Org, there was a need for a compromise.

I run many operating systems every day, from macOS, to Windows 7 and 10, to more Linux desktop distributions than you can shake a stick at. And, once more, as a power-user's power user, I've found the latest version of Linux Mint to be the best of the best.

Why? Let's start with the basics. MacOS has been shown to have the worst bug I've ever seen in an operating system: The macOS High Sierra security hole that lets anyone get full administrative control. Windows, old and new, continues to have multiple security bugs every lousy month. Linux? Sure, it has security problems. How many of these bugs have had serious desktop impacts? Let me see now. None. Yes, that would be zero.

Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines.

Last week, Fox-IT published a Python script that recovers event log entries deleted using the "eventlogedit" utility that's part of DanderSpritz, a supposed NSA cyber-weapon that was leaked online by a hacking group known as the Shadow Brokers.

According to Fox-IT, they found a flaw in the DanderSpritz log cleaner when they realized the utility does not actually delete event log entries, but only unreferences them, merging entries together.

A keylogger that can help record pretty much every keystroke on the computer has been discovered on HP’s devices, with a security researcher revealing that hundreds of laptop models come with this hidden software pre-installed.

Michael Myng says in an analysis of the keylogger that the malicious code is hiding in the Synaptics Touchpad software and he actually discovered it when looking into ways to control the keyboard backlight on his laptop.

According to his findings, the keylogger isn’t activated by default, but it can be turned on by any cybercriminals that get access to the system. The list of affected models includes hundreds of laptops like EliteBook, ProBook, Spectre, Zbook, Envy, and Pavilion.

Flaws in software often offer a potential path for attackers to install malicious software, but you wouldn't necessarily expect a hardware vendor to include potentially malicious software built right into its device drivers. But that's exactly what a security researcher found while poking around the internals of a driver for a touchpad commonly used on HP notebook computers—a keystroke logger that could be turned on with a simple change to its configuration in the Windows registry.

Microsoft needed more than 100 days to fix a critical credential leak in Dynamics 365 after the company originally ignored the bug report and only reacted after being warned that details could go public.

Software engineer Matthias Gliwka explains in a long blog post that he discovered and reported a security flaw in Microsoft’s Customer Relationship Manager and Enterprise Resource Planning software in August, but the software giant refused to fix it on claims that administrator credentials would be required.

Gliwka says he came across a wildcard transport layer security (TLS) certificate that also included the private key, which would in turn expose communications by anyone who could decrypt traffic. The developer says that extracting the certificate grants access to any sandbox environment, with absolutely no warning or message displayed to clients.

Now, in a blockchain, the important thing is that once the state has changed, you then ensure it's recorded on the blockchain so that it's public and nobody can change or challenge it. But there are other uses for blockchain technology, as I explained in "Is blockchain a security topic?" Permissionless systems, often referred to as distributed ledger technologies (DLTs) are a great fit for non-transactional state models, largely because the sort of people who are interested in them are closed groups of organisations that want to have complex sets of conditions met before they move to the next state. These aren't, by the tightest definition, blockchains. Banks and other financial institutions may be the most obvious examples where DLTs are gaining traction, but they are very useful in supply chain sectors, for instance, where you may have conditions around changing market rates, availability, and shipping times or costs, which may all play into the final price of the commodity or service being provided.

Running an open source project is easy. All you have to do is make your source code available and you’re open source, right? Well, maybe. Ultimately, whether or not an open source project is successful depends on your definition of success. Regardless of your definition, creating an open source project can be a lot of work. If you have goals regarding adoption, for example, then you need to be prepared to invest. While open source software is “free as in beer”, it’s not really free: time and energy are valuable resources and these valuable resources need to be invested in the project.

During this year’s coding sprint in Toulouse (which I was able to attend, thanks to being in Europe on a study-abroad program), I spent a lot of time massaging HaikuPorts to generate a consistent-enough state of packages for us to switch to them by default, and then making the in-tree changes necessary for the switch. Thanks to this and mmlr’s comprehensive overhaul of the HaikuPorter Buildmaster over the past couple months, we have finally switched to the new repositories by default as of hrev51620. If you’ve installed a nightly image from after this, you should be able to just pkgman full-sync and upgrade away.

Megan Molteni, Wired, decoded, at least, the very nature of the challenge to know more about our human puzzle. "Today, a teaspoon of spit and a hundred bucks is all you need to get a snapshot of your DNA. But getting the full picture—all 3 billion base pairs of your genome—requires a much more laborious process. One that, even with the aid of sophisticated statistics, scientists still struggle over."

DeepVariant was developed by researchers from the Google Brain team, focused on AI techniques, and Verily, the Alphabet subsidiary focused on life sciences.

It is based on the same neural network for image recognition, but DeepVariant, is now making headlines not for cat IDs but as a way to scan a genetic code for mutations. DeepVariant has gone open source. The GitHub definition of DeepVariant: "an analysis pipeline that uses a deep neural network to call genetic variants from next-generation DNA sequencing data."

Power users love open source software for its transparency and flexibility – but what about open source VPN software? Are there any open source VPN clients that can stand up to being compared with the more popular VPN apps from premium providers like ExpressVPN, VyprVPN, IPVanish or NordVPN?

The short answer is... not really. But the long answer depends a lot on your level of technical know-how, patience, and where you’re willing to place your trust.

On November 7, 2017, members of the Rochester Institute of Technology (RIT) community came together for the annual Election Night Hackathon held in the Simone Center for Student Innovation. This marked the seventh anniversary of a civic tradition for the FOSS @ MAGIC community, in which students and faculty analyze civic problems in the local community, state, or country and propose a project to address them. MAGIC Center faculty and event organizers are on hand to help students choose open source licenses and publish and share their code.

Randa Meetings are a yearly collection of KDE Community contributor sprints that take place in Randa, Switzerland. With origins dating back to a Plasma meeting in 2009, Randa is one of the most important developer-related events in the community.

Two months ago I attended to KDE Edu Sprint 2017 at Berlin. It was my first KDE sprint (really, I send code to KDE software since 2010 and never went to a sprint!) so I was really excited for the event.

KDE Edu is the an umbrella for specific educational software of KDE. There are a lot of them and it is the main educational software suite in free software world. Despite it, KDE Edu has received little attention in organization side, for instance the previous KDE Edu sprint occurred several years ago, our website has some problems, and more.

Therefore, this sprint was an opportunity not only for developers work in software development, but for works in organization side as well.

In organization work side, we discuss about the rebranding of some software more related to university work than for “education” itself, like Cantor and Labplot. There was a wish to create something like a KDE Research/Science in order to put software like them and others like Kile and KBibTex in a same umbrella. There is a discussion about this theme.

The BlueCore CSR chips are used everywhere. If you have a “wireless” speaker or headphones that uses Bluetooth there is a high probability that it’s using a CSR chip inside. This makes the addition of CSR support into fwupd a big deal to access a lot of vendors. It’s a lot easier to say “just upload firmware” rather than “you have to write code” so I think it’s useful to have done this work.

Imagine a scenario where a programmer needs to follow a couple of tried and tested procedures to write code that becomes a part of a bigger program that needs some insightful contribution from another programmer. So, is the first programmer really needed? Can’t we find a robotic replacement for the same?

In the past, GitHub CEO had already made a prediction which says that future of coding is no coding at all. A similar speculation has been made by the researchers at the Oak Ridge National Laboratory, Tennessee, who have said that machines will write most of their own code by 2040.

The open-source Darktable RAW photography software that's long been available for Linux and macOS has finally been ported to Microsoft Windows. But fortunately that's not all to be found in Darktable 2.4.

While Windows support is their big headline feature of Darktable 2.4, the RC1 release that came out today is also packed with other improvements.

Another week has flown by, making it time for another round-up of pertinent Linux app releases that didn’t manage to wangle a full post’s worth of waffle on this site.

This week’s crop of curios includes updates to the world’s most popular open-source video player, the world’s most popular open-source audio editor, and the world’s most popular open-source graphics drivers.

There are numerous file encryption tools available on the market to protect your files. We have already reviewed some encryption tools such as Cryptomater, Cryptkeeper, CryptGo, Cryptr, Tomb, and GnuPG etc. Today, we will be discussing yet another file encryption and decryption command line utility named “Toplip”. It is a free and open source encryption utility that uses a very strong encryption method called AES256, along with an XTS-AES design to safeguard your confidential data. Also, it uses Scrypt, a password-based key derivation function, to protect your passphrases against brute-force attacks.

GNUstep is the long-standing free software project working to implement Apple's Cocoa Objective-C frameworks used by macOS. The GNU project has made new releases of their GUI and Back libraries.

GNUstep GUI 0.26 is out this morning as the latest update to their graphical user-interface library. GNUstep GUI 0.26 has a number of compatibility improvements, translation updates, mouse tracking logic improvements, bug fixes, and other work.

Today at Monday, 11 December 2017, we happily release our latest free ebook "Newbie's Guide to Ubuntu 17.10". This ebook is intended for new users (especially you who come from MS Windows) with the main contents divided in three parts: operating the desktop, using the file manager, and managing the settings, plus, an easy guide to install Ubuntu system with pictures. You can download this ebook at no cost as ODT and PDF formats. You are free to read, copy, edit, remix, print, share, lend, sell, and distribute this ebook because it's licensed under CC BY-SA 3.0. Download this ebook and share to your friends! Happy learning!

More in Tux Machines

Debian-Based Q4OS Linux Distro to Get a New Look with Debonaire Desktop Theme

Q4OS is a small GNU/Linux distribution based on the latest Debian GNU/Linux operating system and built around the Trinity Desktop Environment (TDE). It's explicitly designed to make the Microsoft Windows to Linux transition accessible and more straightforward as possible for anyone.
Dubbed Debonaire, the new desktop theme uses dark-ish elements for the window titlebar and panel. Somehow it resembles the look and feels of the acclaimed Arc GTK+ theme, and it makes the Q4OS operating system more modern than the standard look offered by the Trinity Desktop Environment.

today's leftovers

Emmabuntüs recently released a video where they explain the goals and reasons of the project, current achievements and show people who really use this operating system. You can also see the members of the project live.

The U.S. Commerce Department's National Institute of Standards and Technology (NIST) has issued the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework. The American National Standards Institute (ANSI) encourages all relevant stakeholders to submit draft comments to NIST by the deadline on Friday, January 19, 2018.

VLC 3.0 is something we've been looking forward to for years and it's looking like that big multimedia player update could be released very soon.
Thanks to Phoronix reader Fran for pointing out that VLC 3.0 release candidates have begun to not much attention. VLC 3.0 RC1 was tagged at the end of November and then on Tuesday marked VLC 3.0 RC2 being tagged, but without any official release announcements.

A new major release is available of Cryptsetup, the user-space utility for dealing with the DMCrypt kernel module for setting up encrypted disk volumes.
Cryptsetup 2.0.0 is notable in that it introduces support for the new on-disk LUKS2 format but still retaining support for LUKS(1). The LUKS2 format is security hardened to a greater extent, more extensible than LUKS, supports in-place upgrading from LUKS, and other changes.

There is no doubt Facebook is one of the most popular and dynamic social network platform in the modern Internet era. It has revolutionized technology, social networking, and the future of how we live and interact. With Facebook, We can connect, communicate with one another, instantly share our memories, photos, files and even money to anyone, anywhere in the world. Even though Facebook has its own official messenger, some tech enthusiasts and developers are developing alternative and feature-rich apps to communicate with your buddies. The one we are going to discuss today is Caprine. It is a free, elegant, open source, and unofficial Facebook messenger desktop app built with Electron framework.

It turns out that if firing up KDE's KWin Wayland compositor without XWayland support, it can start up so fast that it causes problems.
Without XWayland for providing legacy X11 support to KDE Wayland clients, the KWin compositor fires up so fast that it can cause a crash in their Wayland integration as KWin's internal connection isn't even established... Yep, Wayland compositors are much leaner and cleaner than the aging X Server code-base that dates back 30+ years, granted most of the XWayland code is much newer than that.

NetworkManager now has support for Intel's lean "IWD" WiFi daemon.
IWD is a lightweight daemon for managing WiFi devices via a D-Bus interface and has been in development since 2013 (but was only made public in 2016) and just depends upon GCC / Glibc / ELL (Embedded Linux Library).

Linux Foundation: Servers, Kubernetes and OpenContrail

The Cloud Native Computing Foundation, home of the Kubernetes open-source community, grew wildly this year. It welcomed membership from industry giants like Amazon Web Services Inc. and broke attendance records at last week’s KubeCon + CloudNativeCon conference in Austin, Texas. This is all happy news for Kubernetes — the favored platform for orchestrating containers (a virtualized method for running distributed applications). The technology needs all the untangling, simplifying fingers it can get.
This is also why most in the community are happy to tamp down their competitive instincts to chip away at common difficulties. “You kind of have to,” said Michelle Noorali (pictured), senior software engineer at Microsoft and co-chair of KubeCon + CloudNativeCon North America & Europe 2017. “These problems are really hard.”

Network slicing is poised to play a pivotal role in the enablement of 5G. The technology allows operators to run multiple virtual networks on top of a single, physical infrastructure. With 5G commercialization set for 2020, many are wondering to what extend network functions virtualization (NFV) and software-defined networking (SDN) can help move network slicing forward.

Juniper Networks has announced its intent to move the codebase for OpenContrail, an open-source network virtualisation platform for the cloud, to the Linux Foundation. OpenContrail provides both software-defined networking (SDN) and security features and has been deployed by various organisations, including cloud providers, telecom operators and enterprises to simplify operational complexities and automate workload management across diverse cloud environments.

Juniper Networks plans to move the codebase for its OpenContrail open-source network virtualization platform for the cloud to the Linux Foundation, broadening its efforts to drive more software innovations into the broader IT and service provider community.
The vendor is hardly a novice in developing open source platforms. In 2013, Juniper released its Contrail products as open sourced and built a user and developer community around the project. To drive its next growth phase, Juniper expanded the project’s governance, creating an even more open, community-led effort.

The annual Open Source Jobs Report from Dice and The Linux Foundation reveals a lot about prospects for open source professionals and hiring activity in the year ahead. In this year’s report, 86 percent of tech professionals said that knowing open source has advanced their careers. Yet what happens with all that experience when it comes time for advancing within their own organization or applying for a new roles elsewhere?